CI #14
CI #14
Conversation
ci/task-helm-upgrade.yaml
Outdated
| - -c | ||
| - | | ||
| set -exo pipefail | ||
| helm upgrade kubernikus kubernikus.git/charts/kube-master/ --values secrets.git/$REGION/values/kubernikus.yaml |
There was a problem hiding this comment.
where are the secrets stored/ where should the be stored?
There was a problem hiding this comment.
good question. cc/secrets for now I would say. The plan is to deploy kubernikus in every region is having it in cc/secrets is not the worst idea I think
Dockerfile
Outdated
| MAINTAINER "Fabian Ruff <[email protected]>" | ||
|
|
||
| RUN apk add --no-cache file | ||
| ADD bin/linux/docker.tar /bin/ |
There was a problem hiding this comment.
Why the dance with tar?
Can't we just do
RUN wget -O /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.0/dumb-init_1.2.0_amd64 && chmod +x /usr/bin/dumb-init
ADD bin/linux/ /bin/
ci/pipeline.yaml
Outdated
| image_resource: | ||
| type: docker-image | ||
| source: | ||
| repository: hub.global.cloud.sap/monsoon/monsoon-pipeline |
There was a problem hiding this comment.
I would not use this image anymore. Its outdated and unmainted AFAIK.
ci/pipeline.yaml
Outdated
| docker login -e="." -u="$DOCKER_SAPCC_USER" -p="$DOCKER_SAPCC_PW" hub.docker.com | ||
| # patch the upstream Dockerfile to add SAP CAs | ||
| cat >>Dockerfile <<-EOF | ||
| RUN apk add --update wget ca-certificates && \ |
There was a problem hiding this comment.
I'm not sure why we need that. All Openstack endpoints have a proper Symantec cert by now, even staging AFAIK.
Also I don't like meddling with the Dockerfile in this way. If we need this we should have this in the Dockerfile.
I suggest leaving it out for now and reconsider when we really need it.
ci/pipeline.yaml
Outdated
| cat >>Dockerfile <<-EOF | ||
| RUN apk add --update wget ca-certificates && \ | ||
| wget -O /usr/local/share/ca-certificates/SAP_Global_Root_CA.crt http://aia.pki.co.sap.com/aia/SAP%20Global%20Root%20CA.crt && \ | ||
| wget -O /usr/local/share/ca-certificates/SAP_Global_Sub_CA_02.crt http://aia.pki.co.sap.com/aia/SAP%20Global%20Sub%20CA%2002.crt && \ |
There was a problem hiding this comment.
This Sub certs are definitely not needed. They just clutter up the script.
ci/pipeline.yaml
Outdated
| EOF | ||
| yum -y install gcc glibc-static | ||
| # cannot just `yum install go` because go-1.6 from the repo is too old | ||
| curl https://storage.googleapis.com/golang/go1.8.linux-amd64.tar.gz | ( cd /usr/local && tar xzf - ) |
There was a problem hiding this comment.
I would create a build environment in this way.
My suggestion would be to use a standard 1.8.3-alpine3.6 instead of the monsoon pipeline image.
Or we could also try out the new multistage docker build feature: https://docs.docker.com/engine/userguide/eng-image/multistage-build/
This would remove the entire task from concourse and we would build the binary and the image in the put step. its never been done before but it might be worth trying.
ci/task-helm-upgrade.yaml
Outdated
| - -c | ||
| - | | ||
| set -exo pipefail | ||
| helm upgrade kubernikus kubernikus.git/charts/kube-master/ --values secrets.git/$REGION/values/kubernikus.yaml |
There was a problem hiding this comment.
good question. cc/secrets for now I would say. The plan is to deploy kubernikus in every region is having it in cc/secrets is not the worst idea I think
charts/kubernikus/values.yaml
Outdated
| log_level: 1 | ||
|
|
||
| groundctl: | ||
| auth_url: "http://identityv3.openstack:5000/v3" |
There was a problem hiding this comment.
I would not put those in as actual default values.
I think its better leave them in commented and reference them in the chart with:
{{ required "Missing value auth_url" .Values.auth_url }}
That what you get a nice error when trying to install this chart with missing values.
updated makefile, added dockerfile and pipeline.
TODO: